Latest Cybersecurity News and Articles
25 August 2025
Data I/O has disclosed a ransomware attack that disrupted the company’s operations, including communications, shipping and production.
The post Chip Programming Firm Data I/O Hit by Ransomware appeared first on SecurityWeek.
25 August 2025
Security Information and Event Management (SIEM) systems act as the primary tools for detecting suspicious activity in enterprise networks, helping organizations identify and respond to potential attacks in real time. However, the new Picus Blue Report 2025, based on over 160 million real-world attack simulations, revealed that organizations are only detecting 1 out of 7 simulated attacks,
25 August 2025
The Anatsa Android banking trojan has expanded its target list to new countries and more cryptocurrency applications.
The post Anatsa Android Banking Trojan Now Targeting 830 Financial Apps appeared first on SecurityWeek.
25 August 2025
CISA has updated the Minimum Elements for a Software Bill of Materials (SBOM) guidance and is seeking public comment.
The post CISA Requests Public Feedback on Updated SBOM Guidance appeared first on SecurityWeek.
25 August 2025
Netskope has an annual recurring revenue of more than $707 million, but it’s still not profitable, reporting a net loss of $170 million in H1.
The post SASE Company Netskope Files for IPO appeared first on SecurityWeek.
25 August 2025
The Arch Linux Project has been targeted in a DDoS attack that disrupted its website, repository, and forums.
The post Arch Linux Project Responding to Week-Long DDoS Attack appeared first on SecurityWeek.
25 August 2025
The advanced persistent threat (APT) actor known as Transparent Tribe has been observed targeting both Windows and BOSS (Bharat Operating System Solutions) Linux systems with malicious Desktop shortcut files in attacks targeting Indian Government entities.
"Initial access is achieved through spear-phishing emails," CYFIRMA said. "Linux BOSS environments are targeted via weaponized .desktop
25 August 2025
Farmers New World Life Insurance and Farmers Group have filed separate data breach notifications with state authorities.
The post Farmers Insurance Data Breach Impacts Over 1 Million People appeared first on SecurityWeek.
25 August 2025
Agentic AI, while performing routine tasks such as shopping online, could be tricked into carrying out certain actions.
24 August 2025
Cybersecurity researchers have discovered a malicious Go module that presents itself as a brute-force tool for SSH but actually contains functionality to discreetly exfiltrate credentials to its creator.
"On the first successful login, the package sends the target IP address, username, and password to a hard-coded Telegram bot controlled by the threat actor," Socket researcher Kirill Boychenko
23 August 2025
Cybersecurity researchers are calling attention to multiple campaigns that leverage known security vulnerabilities and expose Redis servers to various malicious activities, including leveraging the compromised devices as IoT botnets, residential proxies, or cryptocurrency mining infrastructure.
The first set of attacks entails the exploitation of CVE-2024-36401 (CVSS score: 9.8), a critical
22 August 2025
A Russia-sponsored campaign is targeting end-of-life devices via a seven-year-old vulnerability.
22 August 2025
Dubbed Operation Serengeti 2.0, the operation took place between June and August.
The post Large Interpol Cybercrime Crackdown in Africa Leads to the Arrest of Over 1,200 Suspects appeared first on SecurityWeek.
22 August 2025
Cybersecurity researchers have shed light on a novel attack chain that employs phishing emails to deliver an open-source backdoor called VShell.
The "Linux-specific malware infection chain that starts with a spam email with a malicious RAR archive file," Trellix researcher Sagar Bade said in a technical write-up.
"The payload isn't hidden inside the file content or a macro, it's encoded directly
22 August 2025
Noteworthy stories that might have slipped under the radar: cryptojacker sentenced to prison, ECC.fail Rowhammer attack, and Microsoft limits China’s access to MAPP.
The post In Other News: McDonald’s Hack, 1,200 Arrested in Africa, DaVita Breach Grows to 2.7M appeared first on SecurityWeek.
22 August 2025
Silk Typhoon was seen exploiting Citrix NetScaler and Commvault vulnerabilities for initial access to victim systems.
The post Chinese Silk Typhoon Hackers Exploited Commvault Zero-Day appeared first on SecurityWeek.
22 August 2025
Inotiv, a pharmaceutical firm, was hit with a ransomware attack.
22 August 2025
Cybersecurity researchers are calling attention to malicious activity orchestrated by a China-nexus cyber espionage group known as Murky Panda that involves abusing trusted relationships in the cloud to breach enterprise networks.
"The adversary has also shown considerable ability to quickly weaponize N-day and zero-day vulnerabilities and frequently achieves initial access to their targets by
22 August 2025
INTERPOL on Friday announced that authorities from 18 countries across Africa have arrested 1,209 cybercriminals who targeted 88,000 victims.
"The crackdown recovered $97.4 million and dismantled 11,432 malicious infrastructures, underscoring the global reach of cybercrime and the urgent need for cross-border cooperation," the agency said.
The effort is the second phase of an ongoing law
22 August 2025
Davis Lu was sentenced to four years in prison for installing malicious code on employer’s systems and for deleting encrypted data.
The post Developer Who Hacked Former Employer’s Systems Sentenced to Prison appeared first on SecurityWeek.